UK gets the Ashley Madison fear: Data privacy moans on the up
No one needs to know about my gardening mag habit
Consumer complaints about the way personal data is handled increased by 30 per cent from 2013 to 2014, according to figures from Pinsent Masons, acquired via several Freedom of Information requests to the Information Commissioners Office (ICO).
Complaints about the security of personal information rose from 886 in 2013 to 1,150 in 2014, while complaints about personal data increased 64 per cent over a five-year period, according to the law firm.
Pinsent Masons said the increase in consumer complaints highlights increasing levels of public unease over how big business and other organisations store personal information.
High profile attacks on corporations such as Sony and Target, and the recent damaging attack on infidelity site Ashley Madison, have raised public awareness about how personal data is treated, the law firm claims.
"Information security isn't a new issue; businesses have always had a responsibility to protect customer data. But as consumers are increasingly finding themselves left exposed as a result of cyber attacks, concern is clearly growing," said Luke Scanlon, technology lawyer at the firm.
"The chances are that they wouldn't be making these complaints without having been directly impacted in some way," he added.
Businesses can be fined up to £500,000 by the ICO under the Data Protection Act if the regulator finds that the company has failed to take appropriate measures to protect customer information. The possibility of civil lawsuits by victims of breaches can further damage the bottom line of companies.
Corporates are beginning to introduce more sophisticated incident response procedures in response to these varied risks, according to Pinsent Masons.
"We're definitely seeing the cyber-attack threat moving up the corporate food chain to being a C-suite issue. Nobody wants to be the one who gets hit, and many bluechips are now role-playing what happens in that scenario,” Scanlon explained.
“There is increasing recognition that how an organisation responds to the compromise of customer data can impact its long-term prospects as deeply as the incident itself," he added.
"Many of the businesses and other organisations we are working with are working hard not just to implement good procedures and controls, but also to develop cross-disciplinary teams who understand the legal and reputational issues in the event of a crisis,” Scanlon said.
Around 90 per cent of large organisations and 74 per cent of small businesses experienced information security breaches in the past year, according to a UK government-commissioned survey published in June 2015. However, it is not currently mandatory to report data breaches.
Scanlon concluded: "The incoming General Data Protection Regulation (GDPR) is likely to enforce a change in reporting requirements, bringing to light the volume of information breaches being encountered amongst UK businesses. The scale of the challenge we are facing will be shocking." ®